Sextortion: Criminals Blackmail Users with Sensitive Information

Many despicable trends have emerged on the Internet in recent years. Perhaps the most contemptible of these is sexual extortion, commonly referred to as “sextortion.”

Though the term sextortion dates back to an April 5, 1950 edition of the Los Angeles Times, we’re talking about the online variety: essentially a form of sexual exploitation whereby predators obtain explicit photos or videos of their victims and threaten to make them public unless the victim provides some favor, generally of a sexual nature, to keep the content private. In other words, the criminal demands more photos or videos or maybe payment from the victim under the threat that failure to provide this will result in publication or dissemination of said content.

Sextortion schemes can unfold in a number of ways.

Sextortion schemes can unfold in a number of ways. An attacker can install spyware on a victim’s machine, whether it’s a traditional computer or a mobile device, turning on the camera and recording footage. Similarly, a victim can be compelled to download malware through phishing and other means, allowing an attacker to steal sexual content that may already be stored in a file on that machine. My guess is that the most likely scenario involves a vengeful ex-boyfriend or girlfriend threatening to post images, videos or messages that were initially obtained consensually. Finally, and this one is news to me, today I read a report about a man who obtained such images after stealing a laptop from his victim’s home.

Obviously, this last bit of news is troubling, because nearly all of us a susceptible to device theft, though I think it’s safe to assume that not everyone has explicit photos or videos stored on our computers. Sadly, the case of the stolen laptop referenced above ended in suicide. As have many cases among teens who’ve bullied peers in this way. Equally troubling is the fact that these “sextortion” incidents are increasingly showing up in cases of child pornography, as is apparent in this Fresno, California grand jury indictment.

However, I think it is important to look at this more holistically, because it all boils down to some malicious party using your own data to harm you. Regardless of what we’ve stored on our personal computers and mobile devices and other machines – sexual or otherwise – there is something embarrassing lurking in the memory for nearly all of us.

Think about it: how many times have you sent an offensive text message or email as a joke to a friend? Have you ever bad-mouthed a colleague? Ever discussed a wildly illegal, albeit hypothetical criminal scheme? To that end, ever discussed a real criminal scheme? We all talk about dumb stuff that we would rather keep private, which is one of the reasons the “you don’t need privacy if you have nothing to hide” argument is so absurd. We all have something to hide, and anyone who claims otherwise is either lying or hasn’t really thought about it.

And this is one of the primary reasons why we should always take all necessary measures to protect our data. We talk a lot about backing devices up in order that we don’t lose our valued information, but that’s only one part of data-protection. We also need to ensure that our data cannot be stolen by those that would do us harm.

So let’s run through these scenarios one by one and see if there is a way to protect ourselves from having our own information used against us. First and foremost: the best bet is to not store any information that can be used to harm you, though we understand this is easier said then done. However, if you do have personally sensitive information or files, consider protecting that data with a password or putting it on an external hard-drive.

Keeping a former partner from airing out dirty laundry about you is nearly impossible. All you can really do is hope that person you dated is at least a partly decent human being. However, preventing someone from installing malware or spyware on your machines is actually fairly easy. Just follow the steps you already follow to keep malware off your devices. Protect them with a security solution. Don’t follow sketchy links in dubious emails. Be careful about the websites you visit. Make sure your computer and all software is fully patched and up to date. Don’t leave your computer lying around in public places. Don’t just plug random memory devices into your machines and mobile devices.

As far as theft is concerned, make sure you have some sort of device tracking and remote wipe software installed on your devices. The iCloud offers some great options for Apple users of both Mac and iOS devices. Kaspersky Internet Security for Android has an excellent remote lock and wipe feature as well. Windows Intune is basically a cloud management console for Windows and other operating systems that gives users the power to perform factory resets, selective and full memory wipes, remotely lock a lost or stolen device, and reset passwords.

Many despicable trends have emerged in recent years but #sextortion may be the most contemptible.